Summary: | <net-dns/pdns-recursor-3.6.1: A specific sequence of packets can crash PowerDNS Recursor 3.6.0 remotely (CVE-2014-3614) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Ronny Boesger <ronny+bugsgentoo> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | ronny+bugsgentoo, swegener |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://blog.powerdns.com/2014/09/10/security-update-powerdns-recursor-3-6-1/ | ||
Whiteboard: | ~3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Ronny Boesger
2014-09-11 08:32:16 UTC
(In reply to Ronny Boesger from comment #0) > We regret that we have to announce a PowerDNS Recursor security release: > Thank you for the report. @maintainer(s): after the bump please advice or initiate stabilization as needed. Changing rating from B to ~ as the 3.6 branch has never been stabilized. That also removes any need for stabilization for this bug. After the bump, please clean up the vulnerable version. *** Bug 524450 has been marked as a duplicate of this bug. *** 3.6.1 is in the tree and 3.6.0 is gone. (In reply to Sven Wegener from comment #4) > 3.6.1 is in the tree and 3.6.0 is gone. So... where is the stabilisation request? 3.6.2 is out since Oct 30, 2014, which fixes some issues in 3.6.1 URL: http://doc.powerdns.com/html/changelog.html#changelog-recursor-3.6.2 closing as noglsa. |